* Exim - an Internet mail transport agent *
*************************************************/
+/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
-/* Copyright (c) The Exim Maintainers 2020 - 2021 */
/* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
/* The main code for delivering a message. */
address_item *
deliver_make_addr(uschar *address, BOOL copy)
{
-address_item *addr = store_get(sizeof(address_item), FALSE);
+address_item * addr = store_get(sizeof(address_item), GET_UNTAINTED);
*addr = address_defaults;
if (copy) address = string_copy(address);
addr->address = address;
for (int i = 2; i > 0; i--)
{
int fd = Uopen(filename,
-#ifdef O_CLOEXEC
- O_CLOEXEC |
-#endif
-#ifdef O_NOFOLLOW
- O_NOFOLLOW |
-#endif
- O_WRONLY|O_APPEND|O_CREAT, mode);
+ EXIM_CLOEXEC | EXIM_NOFOLLOW | O_WRONLY|O_APPEND|O_CREAT, mode);
if (fd >= 0)
{
/* Set the close-on-exec flag and change the owner to the exim uid/gid (this
/*************************************************
-* Generate local prt for logging *
+* Generate local part for logging *
*************************************************/
+static uschar *
+string_get_lpart_sub(const address_item * addr, uschar * s)
+{
+#ifdef SUPPORT_I18N
+if (testflag(addr, af_utf8_downcvt))
+ {
+ uschar * t = string_localpart_utf8_to_alabel(s, NULL);
+ return t ? t : s; /* t is NULL on a failed conversion */
+ }
+#endif
+return s;
+}
+
/* This function is a subroutine for use in string_log_address() below.
Arguments:
{
uschar * s;
-s = addr->prefix;
-if (testflag(addr, af_include_affixes) && s)
- {
-#ifdef SUPPORT_I18N
- if (testflag(addr, af_utf8_downcvt))
- s = string_localpart_utf8_to_alabel(s, NULL);
-#endif
- yield = string_cat(yield, s);
- }
+if (testflag(addr, af_include_affixes) && (s = addr->prefix))
+ yield = string_cat(yield, string_get_lpart_sub(addr, s));
-s = addr->local_part;
-#ifdef SUPPORT_I18N
-if (testflag(addr, af_utf8_downcvt))
- s = string_localpart_utf8_to_alabel(s, NULL);
-#endif
-yield = string_cat(yield, s);
+yield = string_cat(yield, string_get_lpart_sub(addr, addr->local_part));
-s = addr->suffix;
-if (testflag(addr, af_include_affixes) && s)
- {
-#ifdef SUPPORT_I18N
- if (testflag(addr, af_utf8_downcvt))
- s = string_localpart_utf8_to_alabel(s, NULL);
-#endif
- yield = string_cat(yield, s);
- }
+if (testflag(addr, af_include_affixes) && (s = addr->suffix))
+ yield = string_cat(yield, string_get_lpart_sub(addr, s));
return yield;
}
else
{
uschar * cmp;
- int off = g->ptr; /* start of the "full address" */
+ int off = gstring_length(g); /* start of the "full address" */
if (addr->local_part)
{
#endif
reset_point = store_mark();
-g = string_get_tainted(256, TRUE); /* addrs will be tainted, so avoid copy */
+g = string_get_tainted(256, GET_TAINTED); /* addrs will be tainted, so avoid copy */
if (msg)
g = string_append(g, 2, host_and_ident(TRUE), US" ");
if (*queue_name)
g = string_append(g, 2, US" Q=", queue_name);
-#ifdef EXPERIMENTAL_SRS_ALT
-if(addr->prop.srs_sender)
- g = string_append(g, 3, US" SRS=<", addr->prop.srs_sender, US">");
-#endif
-
/* You might think that the return path must always be set for a successful
delivery; indeed, I did for some time, until this statement crashed. The case
when it is not set is for a delivery to /dev/null which is optimised by not
if (addr->message)
g = string_append(g, 2, US": ", addr->message);
-(void) string_from_gstring(g);
+ {
+ const uschar * s = string_from_gstring(g);
-/* Log the deferment in the message log, but don't clutter it
-up with retry-time defers after the first delivery attempt. */
+ /* Log the deferment in the message log, but don't clutter it
+ up with retry-time defers after the first delivery attempt. */
-if (f.deliver_firsttime || addr->basic_errno > ERRNO_RETRY_BASE)
- deliver_msglog("%s %s\n", now, g->s);
+ if (f.deliver_firsttime || addr->basic_errno > ERRNO_RETRY_BASE)
+ deliver_msglog("%s %s\n", now, s);
-/* Write the main log and reset the store.
-For errors of the type "retry time not reached" (also remotes skipped
-on queue run), logging is controlled by L_retry_defer. Note that this kind
-of error number is negative, and all the retry ones are less than any
-others. */
+ /* Write the main log and reset the store.
+ For errors of the type "retry time not reached" (also remotes skipped
+ on queue run), logging is controlled by L_retry_defer. Note that this kind
+ of error number is negative, and all the retry ones are less than any
+ others. */
-log_write(addr->basic_errno <= ERRNO_RETRY_BASE ? L_retry_defer : 0, logflags,
- "== %s", g->s);
+ log_write(addr->basic_errno <= ERRNO_RETRY_BASE ? L_retry_defer : 0, logflags,
+ "== %s", s);
+ }
store_reset(reset_point);
return;
if (LOGGING(deliver_time))
g = string_append(g, 2, US" DT=", string_timediff(&addr->delivery_time));
-(void) string_from_gstring(g);
-
/* Do the logging. For the message log, "routing failed" for those cases,
just to make it clearer. */
-if (driver_kind)
- deliver_msglog("%s %s failed for %s\n", now, driver_kind, g->s);
-else
- deliver_msglog("%s %s\n", now, g->s);
+ {
+ const uschar * s = string_from_gstring(g);
+
+ if (driver_kind)
+ deliver_msglog("%s %s failed for %s\n", now, driver_kind, s);
+ else
+ deliver_msglog("%s %s\n", now, s);
-log_write(0, LOG_MAIN, "** %s", g->s);
+ log_write(0, LOG_MAIN, "** %s", s);
+ }
store_reset(reset_point);
return;
if(addr->prop.errors_address)
return_path = addr->prop.errors_address;
-#ifdef EXPERIMENTAL_SRS_ALT
-else if (addr->prop.srs_sender)
- return_path = addr->prop.srs_sender;
-#endif
else
return_path = sender_address;
{
BOOL ok = TRUE;
set_process_info("delivering %s to %s using %s", message_id,
- addr->local_part, addr->transport->name);
+ addr->local_part, tp->name);
- /* Setting this global in the subprocess means we need never clear it */
+ /* Setting these globals in the subprocess means we need never clear them */
transport_name = addr->transport->name;
+ driver_srcfile = tp->srcfile;
+ driver_srcline = tp->srcline;
/* If a transport filter has been specified, set up its argument list.
Any errors will get put into the address, and FALSE yielded. */
- if (addr->transport->filter_command)
+ if (tp->filter_command)
{
ok = transport_set_up_command(&transport_filter_argv,
- addr->transport->filter_command,
- TRUE, PANIC, addr, US"transport filter", NULL);
- transport_filter_timeout = addr->transport->filter_timeout;
+ tp->filter_command,
+ TRUE, PANIC, addr, FALSE, US"transport filter", NULL);
+ transport_filter_timeout = tp->filter_timeout;
}
else transport_filter_argv = NULL;
if (ok)
{
- debug_print_string(addr->transport->debug_string);
- replicate = !(addr->transport->info->code)(addr->transport, addr);
+ debug_print_string(tp->debug_string);
+ replicate = !(tp->info->code)(addr->transport, addr);
}
}
else for (addr2 = addr; addr2; addr2 = addr2->next)
if (addr2->transport_return == OK)
{
- addr3 = store_get(sizeof(address_item), FALSE);
+ addr3 = store_get(sizeof(address_item), GET_UNTAINTED);
*addr3 = *addr2;
addr3->next = NULL;
addr3->shadow_message = US &addr2->shadow_message;
if (!r || !(*ptr & rf_delete))
{
- r = store_get(sizeof(retry_item), FALSE);
+ r = store_get(sizeof(retry_item), GET_UNTAINTED);
r->next = addr->retries;
addr->retries = r;
r->flags = *ptr++;
if (*ptr)
{
- h = store_get(sizeof(host_item), FALSE);
+ h = store_get(sizeof(host_item), GET_UNTAINTED);
h->name = string_copy(ptr);
while (*ptr++);
h->address = string_copy(ptr);
if (!parlist)
{
- parlist = store_get(remote_max_parallel * sizeof(pardata), FALSE);
+ parlist = store_get(remote_max_parallel * sizeof(pardata), GET_UNTAINTED);
for (poffset = 0; poffset < remote_max_parallel; poffset++)
parlist[poffset].pid = 0;
- parpoll = store_get(remote_max_parallel * sizeof(struct pollfd), FALSE);
+ parpoll = store_get(remote_max_parallel * sizeof(struct pollfd), GET_UNTAINTED);
}
/* Now loop for each remote delivery */
}
/* Get the maximum it can handle in one envelope, with zero meaning
- unlimited, which is forced for the MUA wrapper case. */
+ unlimited, which is forced for the MUA wrapper case and if the
+ value could vary depending on the messages.
+ For those, we only split (below) by (tpt,dest,erraddr,hdrs) and rely on the
+ transport splitting further by max_rcp. So we potentially lose some
+ parallellism. */
- address_count_max = tp->max_addresses;
- if (address_count_max == 0 || mua_wrapper) address_count_max = 999999;
+ address_count_max = mua_wrapper || Ustrchr(tp->max_addresses, '$')
+ ? UNLIMITED_ADDRS : expand_max_rcpt(tp->max_addresses);
/************************************************************************/
if(addr->prop.errors_address)
return_path = addr->prop.errors_address;
-#ifdef EXPERIMENTAL_SRS_ALT
- else if(addr->prop.srs_sender)
- return_path = addr->prop.srs_sender;
-#endif
else
return_path = sender_address;
int fd = pfd[pipe_write];
host_item *h;
- /* Setting this global in the subprocess means we need never clear it */
- transport_name = tp->name;
+ /* Setting these globals in the subprocess means we need never clear them */
+ transport_name = addr->transport->name;
+ driver_srcfile = tp->srcfile;
+ driver_srcline = tp->srcline;
/* There are weird circumstances in which logging is disabled */
f.disable_logging = tp->disable_logging;
{
uschar * fname = spool_fname(US"input", message_subdir, message_id, US"-D");
- if ((deliver_datafile = Uopen(fname,
-#ifdef O_CLOEXEC
- O_CLOEXEC |
-#endif
- O_RDWR | O_APPEND, 0)) < 0)
+ if ( (deliver_datafile = Uopen(fname, EXIM_CLOEXEC | O_RDWR | O_APPEND, 0))
+ < 0)
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Failed to reopen %s for remote "
"parallel delivery: %s", fname, strerror(errno));
}
- /* Set the close-on-exec flag */
-#ifndef O_CLOEXEC
+#ifndef O_CLOEXEC /* Set the close-on-exec flag */
(void)fcntl(deliver_datafile, F_SETFD, fcntl(deliver_datafile, F_GETFD) |
FD_CLOEXEC);
#endif
this, Jan 1999.] We know the syntax is valid, so this can be done by simply
removing quoting backslashes and any unquoted doublequotes. */
-t = addr->cc_local_part = store_get(len+1, is_tainted(address));
+t = addr->cc_local_part = store_get(len+1, address);
while(len-- > 0)
{
int c = *address++;
if (new_address)
{
- address_item *new_parent = store_get(sizeof(address_item), FALSE);
+ address_item * new_parent = store_get(sizeof(address_item), GET_UNTAINTED);
*new_parent = *addr;
addr->parent = new_parent;
new_parent->child_count = 1;
*/
static void
-print_address_error(address_item *addr, FILE *f, uschar *t)
+print_address_error(address_item * addr, FILE * f, const uschar * t)
{
int count = Ustrlen(t);
-uschar *s = testflag(addr, af_pass_message) ? addr->message : NULL;
+uschar * s = testflag(addr, af_pass_message) ? addr->message : NULL;
if (!s && !(s = addr->user_message))
return;
if (!s || !*s)
log_write(0, LOG_MAIN|LOG_PANIC,
"Failed to expand %s: '%s'\n", varname, filename);
-else if (*s != '/')
- log_write(0, LOG_MAIN|LOG_PANIC, "%s is not absolute after expansion: '%s'\n",
- varname, s);
-else if (is_tainted2(s, LOG_MAIN|LOG_PANIC, "Tainted %s after expansion: '%s'\n", varname, s))
- ;
+else if (*s != '/' || is_tainted(s))
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "%s is not %s after expansion: '%s'\n",
+ varname, *s == '/' ? "untainted" : "absolute", s);
else if (!(fp = Ufopen(s, "rb")))
log_write(0, LOG_MAIN|LOG_PANIC, "Failed to open %s for %s "
"message texts: %s", s, reason, strerror(errno));
uschar * fname = spool_fname(US"input", message_subdir, id, US"-J");
FILE * jread;
- if ( (journal_fd = Uopen(fname, O_RDWR|O_APPEND
-#ifdef O_CLOEXEC
- | O_CLOEXEC
-#endif
-#ifdef O_NOFOLLOW
- | O_NOFOLLOW
-#endif
- , SPOOL_MODE)) >= 0
+ if ( (journal_fd = Uopen(fname,
+ O_RDWR|O_APPEND | EXIM_CLOEXEC | EXIM_NOFOLLOW, SPOOL_MODE)) >= 0
&& lseek(journal_fd, 0, SEEK_SET) == 0
&& (jread = fdopen(journal_fd, "rb"))
)
return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */
}
- /* Make a C stream out of it. */
+ /* Make a stdio stream out of it. */
if (!(message_log = fdopen(fd, "a")))
{
if (!tmp)
p->message = string_sprintf("failed to expand \"%s\" as a "
"system filter transport name", tpname);
- { uschar *m;
- if ((m = is_tainted2(tmp, 0, "Tainted values '%s' " "for transport '%s' as a system filter", tmp, tpname)))
- p->message = m;
- }
+ if (is_tainted(tmp))
+ p->message = string_sprintf("attempt to used tainted value '%s' for"
+ "transport '%s' as a system filter", tmp, tpname);
tpname = tmp;
}
else
while (addr_new)
{
int rc;
- uschar *p;
- tree_node *tnode;
- dbdata_retry *domain_retry_record;
- dbdata_retry *address_retry_record;
+ tree_node * tnode;
+ dbdata_retry * domain_retry_record, * address_retry_record;
addr = addr_new;
addr_new = addr->next;
if (Ustrcmp(addr->address, "/dev/null") == 0)
{
transport_instance * save_t = addr->transport;
- transport_instance * t = store_get(sizeof(*t), is_tainted(save_t));
+ transport_instance * t = store_get(sizeof(*t), save_t);
*t = *save_t;
t->name = US"**bypassed**";
addr->transport = t;
/* Ensure that the domain in the unique field is lower cased, because
domains are always handled caselessly. */
- p = Ustrrchr(addr->unique, '@');
- while (*p != 0) { *p = tolower(*p); p++; }
+ for (uschar * p = Ustrrchr(addr->unique, '@'); *p; p++) *p = tolower(*p);
DEBUG(D_deliver|D_route) debug_printf("unique = %s\n", addr->unique);
uschar * fname = spool_fname(US"input", message_subdir, id, US"-J");
if ((journal_fd = Uopen(fname,
-#ifdef O_CLOEXEC
- O_CLOEXEC |
-#endif
- O_WRONLY|O_APPEND|O_CREAT|O_EXCL, SPOOL_MODE)) < 0)
+ EXIM_CLOEXEC | O_WRONLY|O_APPEND|O_CREAT|O_EXCL, SPOOL_MODE)) < 0)
{
log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't open journal file %s: %s",
fname, strerror(errno));
if (!regex_IGNOREQUOTA)
regex_IGNOREQUOTA =
- regex_must_compile(US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)", FALSE, TRUE);
+ regex_must_compile(US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)", MCS_NOFLAGS, TRUE);
/* Handle local deliveries */
{
/* copy and relink address_item and send report with all of them at once later */
address_item * addr_next = addr_senddsn;
- addr_senddsn = store_get(sizeof(address_item), FALSE);
+ addr_senddsn = store_get(sizeof(address_item), GET_UNTAINTED);
*addr_senddsn = *a;
addr_senddsn->next = addr_next;
}
if (pid == 0) /* child: will fork again to totally disconnect */
{
smtp_proxy_tls(cutthrough.cctx.tls_ctx, big_buffer, big_buffer_size,
- pfd, 5*60);
+ pfd, 5*60, cutthrough.host.name);
/* does not return */
}
git://git.exim.org / exim.git / blobdiff